Windows Analysis Report
psqlodbc_x64.msi

Overview

General Information

Sample Name: psqlodbc_x64.msi
Analysis ID: 1346032
MD5: 771a6ad5cbc88feacebf160983311541
SHA1: 6f417c9d2abfd905461fdacea0ed48c9dd9b5e7d
SHA256: a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf177
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Deletes files inside the Windows folder
Creates files inside the system directory
PE file contains sections with non-standard names
PE file contains more sections than normal
Checks for available system drives (often done to infect USB drives)
Found dropped PE file which has not been started or loaded

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64
  • msiexec.exe (PID: 572 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\psqlodbc_x64.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 5452 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 1412 cmdline: C:\Windows\System32\MsiExec.exe -Embedding DA45A90C43714F84B3F246CC87EA289F MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\libcrypto-3-x64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\libiconv-2.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\libintl-9.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\libpq.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\libssl-3-x64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\libwinpthread-1.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\pgenlist.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\pgenlist.pdb
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\pgenlista.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\pgenlista.pdb
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\pgxalib.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.pdb
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.pdb
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\psqlODBC\1600\bin\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}
Source: Binary string: cwdC:\Users\user\GIT\psqlodbc-16.00.0000\winbuildexeC:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x64\link.exepdbC:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\psqlodbc35w.pdbcmd /ERRORREPORT:QUEUE /OUT:..\x64_Unicode_Release\psqlodbc35w.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:C:\home\PostgreSQL_x64\lib /LIBPATH:..\x64_Unicode_Release\ /DEF:..\psqlodbc.def /DELAYLOAD:secur32.dll /DELAYLOAD:pgenlist.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_Unicode_Release\psqlodbc35w.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /DELAY:UNLOAD /IMPLIB:..\x64_Unicode_Release\psqlodbc35w.lib /MACHINE:X64 /DLL source: psqlodbc35w.pdb.1.dr
Source: Binary string: psqlodbc30a.pdb4psqlodbc30a.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: MSIC90F.tmp.1.dr
Source: Binary string: pgenlista.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr, MSIC90F.tmp.1.dr
Source: Binary string: /ERRORREPORT:QUEUE /OUT:..\x64_Unicode_Release\pgenlist.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:..\x64_Unicode_Release\ /DELAYLOAD:XOLEHLP.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_Unicode_Release\pgenlist.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /IMPLIB:..\x64_Unicode_Release\pgenlist.lib /MACHINE:X64 /DLL source: pgenlist.pdb.1.dr
Source: Binary string: psqlodbc35w.pdb4psqlodbc35w.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: MSIC90F.tmp.1.dr
Source: Binary string: psqlodbc30a.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr, MSIC90F.tmp.1.dr
Source: Binary string: o:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64\unknwn_i.cd:\winmain\com\published\idlole\public\vc90.pdbd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\guard_dispatch.asmC:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\pgenlista.pdb source: pgenlista.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\Intermediate\vctools\legacy_stdio_definitions.nativeproj_843097084\objr\amd64\legacy_stdio_definitions.compile.pdb source: psqlodbc30a.pdb.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3-x64.dll.1.dr
Source: Binary string: psqlodbc30a.pdb4 source: MSIC90F.tmp.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\pgenlista.pdb source: pgenlista.pdb.1.dr, pgenlista.dll.1.dr
Source: Binary string: D:\Thirdparty\openssl-3.0.10\libssl-3-x64.pdb source: libssl-3-x64.dll.1.dr
Source: Binary string: o:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64\unknwn_i.cd:\winmain\com\published\idlole\public\vc90.pdbd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\guard_dispatch.asmC:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist.pdb source: pgenlist.pdb.1.dr
Source: Binary string: pgenlist.pdb1 source: MSIC90F.tmp.1.dr
Source: Binary string: pgenlista.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: psqlodbc30a.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\psqlodbc30a.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:C:\home\PostgreSQL_x64\lib /LIBPATH:..\x64_ANSI_Release\ /DEF:..\psqlodbca.def /DELAYLOAD:secur32.dll /DELAYLOAD:pgenlista.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\psqlodbc30a.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /DELAY:UNLOAD /IMPLIB:..\x64_ANSI_Release\psqlodbc30a.lib /MACHINE:X64 /DLL source: psqlodbc30a.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\Intermediate\vctools\legacy_stdio_wide_specifiers.nativeproj_1786514370\objr\amd64\legacy_stdio_wide_specifiers.compile.pdb source: psqlodbc30a.pdb.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\guard_dispatch.asmC:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdb source: psqlodbc30a.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\Intermediate\vctools\msvcrt.nativeproj_110336922\objr\amd64\msvcrt.compile.pdb source: psqlodbc30a.pdb.1.dr, pgenlista.pdb.1.dr, pgenlist.pdb.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.0\Release\libpq\libpq.pdbII source: libpq.dll.1.dr
Source: Binary string: tee46vkh.pdb|pgenlista.pdb2 source: MSIC90F.tmp.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.pdb source: 3ec111.rbs.1.dr
Source: Binary string: D:\Thirdparty\openssl-3.0.10\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: psqlodbc35w.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr, MSIC90F.tmp.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdb55 source: psqlodbc30a.dll.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\pgenlist\vc141.pdb source: pgenlista.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdb source: psqlodbc30a.pdb.1.dr, psqlodbc30a.dll.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: vcruntime140.dll.1.dr
Source: Binary string: 2C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.pdb source: 3ec111.rbs.1.dr
Source: Binary string: d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\guard_dispatch.asmC:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\psqlodbc35w.pdb source: psqlodbc35w.pdb.1.dr
Source: Binary string: psqlodbc30a.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: pgenlist.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: pgenlista.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: cwdC:\Users\user\GIT\psqlodbc-16.00.0000\winbuildexeC:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x64\link.exepdbC:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdbcmd /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\psqlodbc30a.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:C:\home\PostgreSQL_x64\lib /LIBPATH:..\x64_ANSI_Release\ /DEF:..\psqlodbca.def /DELAYLOAD:secur32.dll /DELAYLOAD:pgenlista.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\psqlodbc30a.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /DELAY:UNLOAD /IMPLIB:..\x64_ANSI_Release\psqlodbc30a.lib /MACHINE:X64 /DLL source: psqlodbc30a.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.1.dr
Source: Binary string: pgenlist.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr, MSIC90F.tmp.1.dr
Source: Binary string: pgenlista.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: psqlodbc35w.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: psqlodbc30a.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: D:\Thirdparty\openssl-3.0.10\libssl-3-x64.pdbDD source: libssl-3-x64.dll.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\psqlodbc35w.pdb88 source: psqlodbc35w.dll.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.pdb source: 3ec111.rbs.1.dr
Source: Binary string: /ERRORREPORT:QUEUE /OUT:..\x64_Unicode_Release\psqlodbc35w.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:C:\home\PostgreSQL_x64\lib /LIBPATH:..\x64_Unicode_Release\ /DEF:..\psqlodbc.def /DELAYLOAD:secur32.dll /DELAYLOAD:pgenlist.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_Unicode_Release\psqlodbc35w.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /DELAY:UNLOAD /IMPLIB:..\x64_Unicode_Release\psqlodbc35w.lib /MACHINE:X64 /DLL source: psqlodbc35w.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist.pdb source: pgenlist.pdb.1.dr, pgenlist.dll.1.dr
Source: Binary string: 2C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.pdb source: 3ec111.rbs.1.dr
Source: Binary string: psqlodbc35w.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: cwdC:\Users\user\GIT\psqlodbc-16.00.0000\winbuildexeC:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x64\link.exepdbC:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist.pdbcmd /ERRORREPORT:QUEUE /OUT:..\x64_Unicode_Release\pgenlist.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:..\x64_Unicode_Release\ /DELAYLOAD:XOLEHLP.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_Unicode_Release\pgenlist.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /IMPLIB:..\x64_Unicode_Release\pgenlist.lib /MACHINE:X64 /DLL source: pgenlist.pdb.1.dr
Source: Binary string: tee46vkh.pdb|pgenlista.pdb2pgenlista.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: MSIC90F.tmp.1.dr
Source: Binary string: psqlodbc35w.pdb4 source: MSIC90F.tmp.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist\vc141.pdb source: pgenlist.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\vc141.pdb source: psqlodbc35w.pdb.1.dr
Source: Binary string: /C:\Program Files\psqlODBC\1600\bin\pgenlist.pdb source: 3ec111.rbs.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\psqlodbc35w.pdb source: psqlodbc35w.dll.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: cwdd:\winmain\com\published\idlole\publiccld:\winmain\tools\x86\amd64\cl.EXEcmd-Foo:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64\ -FC -MT -Id:\winmain\com\published\idlole\public\amd64\ -Id:\winmain\com\published\idlole\public -Io:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64 -Id:\winmain\COM\inc -Io:\winmain.obj.amd64fre\COM\inc\objfre\amd64 -Id:\winmain.public.amd64fre\internal\COM\inc -Id:\winmain.public.amd64fre\oak\inc -Id:\winmain.public.amd64fre\sdk\inc -Id:\winmain.public.amd64fre\internal\minwin\sdk\inc -Id:\winmain.public.amd64fre\sdk\inc\crt -D_WIN64 -D_AMD64_ -DAMD64 -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=081030-1900 -D__BUILDMACHINE__=winmain -DNDEBUG -D_OBJIDL_PUBLIC -D_MIDL_USE_GUIDDEF_ -D__RPCNDR_H__ -D__RPC_H__ -DRPC_NO_WINDOWS_H -DCOM_NO_WINDOWS_H -DGUID_DEFS_ONLY -DUSE_COM_CONTEXT_DEF -DNTDDI_VERSION=0x06010000 -c -Zc:wchar_t- -Zl -Zp8 -Gy -W3 -WX -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Z7 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -typedil- -wd4603 -wd4627 -FId:\winmain.public.amd64fre\sdk\inc\warning.h -FId:\winmain.public.amd64fre\internal\Base\inc\warning_x.h -TC -Xsrco:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64\unknwn_i.cpdbd:\winmain\com\published\idlole\public\vc90.pdb source: pgenlista.pdb.1.dr, pgenlist.pdb.1.dr
Source: Binary string: pgenlist.pdb1pgenlist.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: MSIC90F.tmp.1.dr
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.0\Release\libpq\libpq.pdb source: libpq.dll.1.dr
Source: Binary string: pgenlist.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: d:\agent\_work\2\s\Intermediate\vctools\delayimp.nativeproj__775816167\objr\amd64\delayimp.compile.pdb source: psqlodbc30a.pdb.1.dr, pgenlista.pdb.1.dr, pgenlist.pdb.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\pgenlista.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:..\x64_ANSI_Release\ /DELAYLOAD:XOLEHLP.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\pgenlista.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /IMPLIB:..\x64_ANSI_Release\pgenlista.lib /MACHINE:X64 /DLL source: pgenlista.pdb.1.dr
Source: Binary string: psqlodbc35w.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.10 1 Aug 20233.0.10built on: Thu Aug 3 12:22:13 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "D:\Thirdparty\thirdparty-builds\openssl-3.0.10-withoutfips-build\lib\engines-3"MODULESDIR: "D:\Thirdparty\thirdparty-builds\openssl-3.0.10-withoutfips-build\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lockcrypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;os-specificC:\Program Files\Common Files\SSLD:\Thirdparty\thirdparty-builds\openssl-3.0.10-withoutfips-build\lib\ossl-modules.dllCPUINFO: crypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\initthread.ccrypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, 
sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdupcrypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sepcrypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_paramcrypto\params.c source: libcrypto-3-x64.dll.1.dr
Source: Binary string: cwdC:\Users\user\GIT\psqlodbc-16.00.0000\winbuildexeC:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x64\link.exepdbC:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\pgenlista.pdbcmd /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\pgenlista.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:..\x64_ANSI_Release\ /DELAYLOAD:XOLEHLP.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\pgenlista.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /IMPLIB:..\x64_ANSI_Release\pgenlista.lib /MACHINE:X64 /DLL source: pgenlista.pdb.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\pgenlist.pdb source: 3ec111.rbs.1.dr
Source: Binary string: 0C:\Program Files\psqlODBC\1600\bin\pgenlista.pdb source: 3ec111.rbs.1.dr
Source: Binary string: pgenlist.pdb.970B6E07_7105_4D66_80FA_9E208952FB96t source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\vc141.pdb source: psqlodbc30a.pdb.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\pgenlista.pdb source: 3ec111.rbs.1.dr
Source: Binary string: d:\winmain\com\published\idlole\public\vc90.pdb source: pgenlista.pdb.1.dr, pgenlist.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgxalib.pdb source: pgxalib.dll.1.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: libwinpthread-1.dll.1.dr String found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0K
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: http://wixtoolset.org
Source: libintl-9.dll.1.dr String found in binary or memory: http://www.gnu.org/licenses/
Source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: libiconv-2.dll.1.dr String found in binary or memory: https://www.gnu.org/licenses/
Source: libcrypto-3-x64.dll.1.dr, libssl-3-x64.dll.1.dr String found in binary or memory: https://www.openssl.org/H
Source: psqlodbc_x64.msi Binary or memory string: OriginalFilenameuica.dll\ vs psqlodbc_x64.msi
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\3ec112.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3ec110.msi
Source: libwinpthread-1.dll.1.dr Static PE information: Number of sections : 12 > 10
Source: libintl-9.dll.1.dr Static PE information: Number of sections : 20 > 10
Source: libiconv-2.dll.1.dr Static PE information: Number of sections : 20 > 10
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\psqlodbc_x64.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding DA45A90C43714F84B3F246CC87EA289F
Source: psqlodbc_x64.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF01D37CDA26703B2F.TMP
Source: C:\Windows\System32\msiexec.exe File written: C:\Windows\ODBCINST.INI
Source: classification engine Classification label: clean2.winMSI@4/37@0/0
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: psqlodbc_x64.msi Static file information: File size 5967872 > 1048576
Source: Binary string: o:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64\unknwn_i.cd:\winmain\com\published\idlole\public\vc90.pdbd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\guard_dispatch.asmC:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist.pdb source: pgenlist.pdb.1.dr
Source: Binary string: pgenlist.pdb1 source: MSIC90F.tmp.1.dr
Source: Binary string: pgenlista.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: psqlodbc30a.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\psqlodbc30a.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:C:\home\PostgreSQL_x64\lib /LIBPATH:..\x64_ANSI_Release\ /DEF:..\psqlodbca.def /DELAYLOAD:secur32.dll /DELAYLOAD:pgenlista.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\psqlodbc30a.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /DELAY:UNLOAD /IMPLIB:..\x64_ANSI_Release\psqlodbc30a.lib /MACHINE:X64 /DLL source: psqlodbc30a.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\Intermediate\vctools\legacy_stdio_wide_specifiers.nativeproj_1786514370\objr\amd64\legacy_stdio_wide_specifiers.compile.pdb source: psqlodbc30a.pdb.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\guard_dispatch.asmC:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdb source: psqlodbc30a.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\Intermediate\vctools\msvcrt.nativeproj_110336922\objr\amd64\msvcrt.compile.pdb source: psqlodbc30a.pdb.1.dr, pgenlista.pdb.1.dr, pgenlist.pdb.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.0\Release\libpq\libpq.pdbII source: libpq.dll.1.dr
Source: Binary string: tee46vkh.pdb|pgenlista.pdb2 source: MSIC90F.tmp.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.pdb source: 3ec111.rbs.1.dr
Source: Binary string: D:\Thirdparty\openssl-3.0.10\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: psqlodbc35w.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr, MSIC90F.tmp.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdb55 source: psqlodbc30a.dll.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\pgenlist\vc141.pdb source: pgenlista.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdb source: psqlodbc30a.pdb.1.dr, psqlodbc30a.dll.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: vcruntime140.dll.1.dr
Source: Binary string: 2C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.pdb source: 3ec111.rbs.1.dr
Source: Binary string: d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asmd:\agent\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\guard_dispatch.asmC:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\psqlodbc35w.pdb source: psqlodbc35w.pdb.1.dr
Source: Binary string: psqlodbc30a.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: pgenlist.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: pgenlista.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: cwdC:\Users\user\GIT\psqlodbc-16.00.0000\winbuildexeC:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x64\link.exepdbC:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\psqlodbc30a.pdbcmd /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\psqlodbc30a.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:C:\home\PostgreSQL_x64\lib /LIBPATH:..\x64_ANSI_Release\ /DEF:..\psqlodbca.def /DELAYLOAD:secur32.dll /DELAYLOAD:pgenlista.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\psqlodbc30a.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /DELAY:UNLOAD /IMPLIB:..\x64_ANSI_Release\psqlodbc30a.lib /MACHINE:X64 /DLL source: psqlodbc30a.pdb.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.1.dr
Source: Binary string: pgenlist.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr, MSIC90F.tmp.1.dr
Source: Binary string: pgenlista.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: psqlodbc35w.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: psqlodbc30a.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: D:\Thirdparty\openssl-3.0.10\libssl-3-x64.pdbDD source: libssl-3-x64.dll.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\psqlodbc35w.pdb88 source: psqlodbc35w.dll.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.pdb source: 3ec111.rbs.1.dr
Source: Binary string: /ERRORREPORT:QUEUE /OUT:..\x64_Unicode_Release\psqlodbc35w.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:C:\home\PostgreSQL_x64\lib /LIBPATH:..\x64_Unicode_Release\ /DEF:..\psqlodbc.def /DELAYLOAD:secur32.dll /DELAYLOAD:pgenlist.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_Unicode_Release\psqlodbc35w.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /DELAY:UNLOAD /IMPLIB:..\x64_Unicode_Release\psqlodbc35w.lib /MACHINE:X64 /DLL source: psqlodbc35w.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist.pdb source: pgenlist.pdb.1.dr, pgenlist.dll.1.dr
Source: Binary string: 2C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.pdb source: 3ec111.rbs.1.dr
Source: Binary string: psqlodbc35w.pdb source: MSIC90F.tmp.1.dr
Source: Binary string: cwdC:\Users\user\GIT\psqlodbc-16.00.0000\winbuildexeC:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x64\link.exepdbC:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist.pdbcmd /ERRORREPORT:QUEUE /OUT:..\x64_Unicode_Release\pgenlist.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:..\x64_Unicode_Release\ /DELAYLOAD:XOLEHLP.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_Unicode_Release\pgenlist.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /IMPLIB:..\x64_Unicode_Release\pgenlist.lib /MACHINE:X64 /DLL source: pgenlist.pdb.1.dr
Source: Binary string: tee46vkh.pdb|pgenlista.pdb2pgenlista.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: MSIC90F.tmp.1.dr
Source: Binary string: psqlodbc35w.pdb4 source: MSIC90F.tmp.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgenlist\vc141.pdb source: pgenlist.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\vc141.pdb source: psqlodbc35w.pdb.1.dr
Source: Binary string: /C:\Program Files\psqlODBC\1600\bin\pgenlist.pdb source: 3ec111.rbs.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\psqlodbc35w.pdb source: psqlodbc35w.dll.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: cwdd:\winmain\com\published\idlole\publiccld:\winmain\tools\x86\amd64\cl.EXEcmd-Foo:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64\ -FC -MT -Id:\winmain\com\published\idlole\public\amd64\ -Id:\winmain\com\published\idlole\public -Io:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64 -Id:\winmain\COM\inc -Io:\winmain.obj.amd64fre\COM\inc\objfre\amd64 -Id:\winmain.public.amd64fre\internal\COM\inc -Id:\winmain.public.amd64fre\oak\inc -Id:\winmain.public.amd64fre\sdk\inc -Id:\winmain.public.amd64fre\internal\minwin\sdk\inc -Id:\winmain.public.amd64fre\sdk\inc\crt -D_WIN64 -D_AMD64_ -DAMD64 -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=081030-1900 -D__BUILDMACHINE__=winmain -DNDEBUG -D_OBJIDL_PUBLIC -D_MIDL_USE_GUIDDEF_ -D__RPCNDR_H__ -D__RPC_H__ -DRPC_NO_WINDOWS_H -DCOM_NO_WINDOWS_H -DGUID_DEFS_ONLY -DUSE_COM_CONTEXT_DEF -DNTDDI_VERSION=0x06010000 -c -Zc:wchar_t- -Zl -Zp8 -Gy -W3 -WX -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Z7 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -typedil- -wd4603 -wd4627 -FId:\winmain.public.amd64fre\sdk\inc\warning.h -FId:\winmain.public.amd64fre\internal\Base\inc\warning_x.h -TC -Xsrco:\winmain.obj.amd64fre\com\published\idlole\public\objfre\amd64\unknwn_i.cpdbd:\winmain\com\published\idlole\public\vc90.pdb source: pgenlista.pdb.1.dr, pgenlist.pdb.1.dr
Source: Binary string: pgenlist.pdb1pgenlist.pdb.970B6E07_7105_4D66_80FA_9E208952FB96 source: MSIC90F.tmp.1.dr
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.0\Release\libpq\libpq.pdb source: libpq.dll.1.dr
Source: Binary string: pgenlist.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: d:\agent\_work\2\s\Intermediate\vctools\delayimp.nativeproj__775816167\objr\amd64\delayimp.compile.pdb source: psqlodbc30a.pdb.1.dr, pgenlista.pdb.1.dr, pgenlist.pdb.1.dr, psqlodbc35w.pdb.1.dr
Source: Binary string: /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\pgenlista.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:..\x64_ANSI_Release\ /DELAYLOAD:XOLEHLP.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\pgenlista.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /IMPLIB:..\x64_ANSI_Release\pgenlista.lib /MACHINE:X64 /DLL source: pgenlista.pdb.1.dr
Source: Binary string: psqlodbc35w.pdb@ source: MSIC90F.tmp.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.10 1 Aug 20233.0.10built on: Thu Aug 3 12:22:13 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "D:\Thirdparty\thirdparty-builds\openssl-3.0.10-withoutfips-build\lib\engines-3"MODULESDIR: "D:\Thirdparty\thirdparty-builds\openssl-3.0.10-withoutfips-build\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lockcrypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;os-specificC:\Program Files\Common Files\SSLD:\Thirdparty\thirdparty-builds\openssl-3.0.10-withoutfips-build\lib\ossl-modules.dllCPUINFO: crypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\initthread.ccrypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, 
sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdupcrypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sepcrypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_paramcrypto\params.c source: libcrypto-3-x64.dll.1.dr
Source: Binary string: cwdC:\Users\user\GIT\psqlodbc-16.00.0000\winbuildexeC:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x64\link.exepdbC:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\pgenlista.pdbcmd /ERRORREPORT:QUEUE /OUT:..\x64_ANSI_Release\pgenlista.dll /INCREMENTAL:NO /NOLOGO /LIBPATH:..\x64_ANSI_Release\ /DELAYLOAD:XOLEHLP.dll /MANIFEST "/MANIFESTUAC:level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:..\x64_ANSI_Release\pgenlista.pdb /SUBSYSTEM:WINDOWS,5.02 /OPT:REF /OPT:ICF /LTCG:incremental /TLBID:1 /DYNAMICBASE /NXCOMPAT /IMPLIB:..\x64_ANSI_Release\pgenlista.lib /MACHINE:X64 /DLL source: pgenlista.pdb.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\pgenlist.pdb source: 3ec111.rbs.1.dr
Source: Binary string: 0C:\Program Files\psqlODBC\1600\bin\pgenlista.pdb source: 3ec111.rbs.1.dr
Source: Binary string: pgenlist.pdb.970B6E07_7105_4D66_80FA_9E208952FB96t source: psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_ANSI_Release\vc141.pdb source: psqlodbc30a.pdb.1.dr
Source: Binary string: C:\Program Files\psqlODBC\1600\bin\pgenlista.pdb source: 3ec111.rbs.1.dr
Source: Binary string: d:\winmain\com\published\idlole\public\vc90.pdb source: pgenlista.pdb.1.dr, pgenlist.pdb.1.dr
Source: Binary string: C:\Users\user\GIT\psqlodbc-16.00.0000\x64_Unicode_Release\pgxalib.pdb source: pgxalib.dll.1.dr
Source: libwinpthread-1.dll.1.dr Static PE information: section name: .xdata
Source: msvcp140.dll.1.dr Static PE information: section name: .didat
Source: libcrypto-3-x64.dll.1.dr Static PE information: section name: .00cfg
Source: libiconv-2.dll.1.dr Static PE information: section name: .xdata
Source: libiconv-2.dll.1.dr Static PE information: section name: /4
Source: libiconv-2.dll.1.dr Static PE information: section name: /19
Source: libiconv-2.dll.1.dr Static PE information: section name: /31
Source: libiconv-2.dll.1.dr Static PE information: section name: /45
Source: libiconv-2.dll.1.dr Static PE information: section name: /57
Source: libiconv-2.dll.1.dr Static PE information: section name: /70
Source: libiconv-2.dll.1.dr Static PE information: section name: /81
Source: libiconv-2.dll.1.dr Static PE information: section name: /92
Source: libintl-9.dll.1.dr Static PE information: section name: .xdata
Source: libintl-9.dll.1.dr Static PE information: section name: /4
Source: libintl-9.dll.1.dr Static PE information: section name: /19
Source: libintl-9.dll.1.dr Static PE information: section name: /31
Source: libintl-9.dll.1.dr Static PE information: section name: /45
Source: libintl-9.dll.1.dr Static PE information: section name: /57
Source: libintl-9.dll.1.dr Static PE information: section name: /70
Source: libintl-9.dll.1.dr Static PE information: section name: /81
Source: libintl-9.dll.1.dr Static PE information: section name: /92
Source: libssl-3-x64.dll.1.dr Static PE information: section name: .00cfg
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\pgxalib.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\pgenlista.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\libiconv-2.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\libintl-9.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\libwinpthread-1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\libssl-3-x64.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\libpq.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\pgenlist.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\libcrypto-3-x64.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.dll
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\psqlODBC\1600\bin\pgxalib.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\psqlODBC\1600\bin\pgenlista.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\psqlODBC\1600\bin\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\psqlODBC\1600\bin\pgenlist.dll
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Windows Service; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Windows Service; 1 Process Injection; 1 DLL Side-Loading; Login Hook
Defense Evasion: 12 Masquerading; 1 Process Injection; 1 DLL Side-Loading; 1 File Deletion
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Process Discovery; 11 Peripheral Device Discovery; 2 File and Directory Discovery; 11 System Information Discovery
Lateral Movement: 1 Replication Through Removable Media; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
[Behavior graph, ID 1346032. Sample: psqlodbc_x64.msi; start date: 21/11/2023; architecture: WINDOWS; score: 2. msiexec.exe dropped C:\Program Files\...\vcruntime140.dll, C:\Program Files\psqlODBC\...\psqlodbc35w.dll and C:\Program Files\psqlODBC\...\psqlodbc30a.dll (all PE32+) plus 10 other files (none is malicious), and started a child msiexec.exe process.]

Source | Detection | Scanner | Label | Link
psqlodbc_x64.msi | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Program Files\psqlODBC\1600\bin\libcrypto-3-x64.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\libiconv-2.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\libintl-9.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\libpq.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\libssl-3-x64.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\libwinpthread-1.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\msvcp140.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\pgenlist.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\pgenlista.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\pgxalib.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.dll | 0% | ReversingLabs | |
C:\Program Files\psqlODBC\1600\bin\vcruntime140.dll | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://wixtoolset.org | psqlodbc_x64.msi, 3ec110.msi.1.dr, 3ec112.msi.1.dr | false | | high
http://mingw-w64.sourceforge.net/X | libwinpthread-1.dll.1.dr | false | | high
https://www.openssl.org/H | libcrypto-3-x64.dll.1.dr, libssl-3-x64.dll.1.dr | false | | high
http://www.gnu.org/licenses/ | libintl-9.dll.1.dr | false | | high
https://www.gnu.org/licenses/ | libiconv-2.dll.1.dr | false | | high
No contacted IP infos
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1346032
Start date and time: 2023-11-21 20:10:50 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: psqlodbc_x64.msi
Detection: CLEAN
Classification: clean2.winMSI@4/37@0/0
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• VT rate limit hit for: psqlodbc_x64.msi
No simulations
No context
Match: C:\Program Files\psqlODBC\1600\bin\msvcp140.dll
Associated Sample Name / URL | Detection | Threat Name
hD2xb7Hp3n.exe | malicious | Raccoon Stealer v2
cryptonite.exe | malicious | TrojanRansom
cryptonite.exe | malicious | TrojanRansom
RocketTE(DesktopEdition).zip | malicious | Unknown
https://storage.emcosoftware.com/download/msipackagebuilder/MSIPackageBuilderSetup.exe | malicious | Unknown
Firefox Setup 102.9.0esr.msi | malicious | Unknown
wzdu53.exe | malicious | Unknown
lpB7cgX2b9.exe | malicious | Unknown
zdXmxM5X4Q.exe | malicious | Unknown
WindowsUpdate.exe | malicious | Unknown
wzdu46.exe | malicious | Unknown
wzdu46.exe | malicious | Unknown
wzdu53.exe | malicious | Unknown
it.exe | malicious | Unknown
wzdu53.exe | malicious | Unknown
DriverReviverSetup_ppc4.exe | malicious | Unknown
qXTX5WRiF3.exe | malicious | Unknown
bkT0lwLPIe.exe | malicious | Unknown
04A31AE8A31BB4144D7392040442F4A38E8301CC55012.exe | malicious | AsyncRAT
wzdu53.exe | malicious | Unknown
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: modified
Size (bytes): 11144
Entropy (8bit): 5.611360389456135
Encrypted: false
SSDEEP: 192:QuL2aIaBa83BZAon/eYZKnjCvIFdKnjCvvFVmF8SRjpb:Qkzlsl+rvqvjSv
MD5: C7F8B1C936268BA77915020B7E4AED59
SHA1: 624A15803A010EDA1B7EBAA6D298C5FD9E95ECA0
SHA-256: CE4ECEE3281FCBE3426DB0F4F5E9AD50454F3627090F339A98E8CA1B58FE734A
SHA-512: A416E001A5D4102D0D50663830BD6A61908A526A8EC3FE03E0F2B701E90965280D262C1F97A804B36E0A092E180103B0A7B2D8EF442C3884525522604B4E0680
Malicious: false
Reputation: low
                                                    Preview:...@IXOS.@.....@|.uW.@.....@.....@.....@.....@.....@......&.{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}..psqlODBC_x64..psqlodbc_x64.msi.@.....@.....@.....@........&.{78AE5022-A9EB-48D5-B652-DDFC32960BCA}.....@.....@.....@.....@.......@.....@.....@.......@......psqlODBC_x64......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{4D361F28-8F75-4C86-9A37-6C279967413D}&.{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}.@......&.{5C9A19B5-D7C6-4BB4-BBBC-88C2A67A59B0}&.{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}.@......&.{121A6C41-2B8F-463D-BA84-6BF36701428A}&.{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}.@........RemoveODBC..Removing ODBC components....InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..#.C:\Program Files\psqlODBC\1600\bin\....6.C:\Program Files\psqlODBC\1600\bin\libcrypto-3-x64.dll....1.C:\Program Files\psqlODBC\1600\bin\libiconv-2.dll....0.C:\Program Files\psqlODBC\1600\bin\libintl-9.dl
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):4562944
                                                    Entropy (8bit):5.817708586916385
                                                    Encrypted:false
                                                    SSDEEP:98304:Nvc8UzyE5vkQqon7LQyV3ue21CPwDvt3uFlDCq:VUzyE5vkQqY7LQk3uJ1CPwDvt3uFlDC
                                                    MD5:D7801F039AEEBD43753D8549DC2A6CC0
                                                    SHA1:B2A4FFA592CA7CB455EC2D1AD9AD042A46A5F6D3
                                                    SHA-256:22683C091AA5AC90F67600956D1CB1481F4006361A251865E36ABB501BE84FF9
                                                    SHA-512:8DFDC1A23D55B381238193CBA5CFFEBA6FB56D62A5F8EAB69D1D9B532E8C6D481273F1F52BE2A7B60A88DE37D1EDD7BDD6C5B42D69804F63A56C113E8EFDCE94
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1851113
                                                    Entropy (8bit):6.295735352298234
                                                    Encrypted:false
                                                    SSDEEP:24576:SAlxpPnBAUZLY9OVbbTiZGavkg3NyeuQ6l9fH+f2ykqZrkgecviRd7mQFz:DPnBAUZLY9OEZGaXBuQQ9e2YYUQFz
                                                    MD5:158BC77453D382CF6679CE35DF740CC5
                                                    SHA1:9A3C123CE4B6F6592ED50D6614387D059BFB842F
                                                    SHA-256:CF131738F4B5FE3F42E9108E24595FC3E6573347D78E4E69EC42106C1EEBE42C
                                                    SHA-512:6EB1455537CB4E62E9432032372FAE9CE824A48346E00BAF38EF2F840E0ED3F55ACAEE2656DA656DB00AE0BDEF808F8DA291DD10D7453815152EDA0CCFC73147
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):475769
                                                    Entropy (8bit):5.442192544327632
                                                    Encrypted:false
                                                    SSDEEP:12288:YoSRYqB/kDraXbQTNRC6RsclS8DzT6Bam:+YY/kDraLQTNRCPWDzT6Bam
                                                    MD5:E79E7C9D547DDBEE5C8C1796BD092326
                                                    SHA1:8E50B296F4630F6173FC77D07EEA36433E62178A
                                                    SHA-256:1125AC8DC0C4F5C3ED4712E0D8AD29474099FCB55BB0E563A352CE9D03EF1D78
                                                    SHA-512:DBA65731B7ADA0AC90B4122C7B633CD8D9A54B92B2241170C6F09828554A0BC1B0F3EDF6289B6141D3441AB11AF90D6F8210A73F01964276D050E57FB94248E2
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):326144
                                                    Entropy (8bit):6.059008553272733
                                                    Encrypted:false
                                                    SSDEEP:6144:StgUlPveZV0axiqqTEEKXrMY7cQHzI4l/4OMx7apSPZbFUS:RU5eZV0eqTE1MY7TrOM
                                                    MD5:A0A2DC1D0349CA7BEBF73FE8CF4AC258
                                                    SHA1:C771371574DCDB712C8ED1EA615E862FA6528C10
                                                    SHA-256:A21918DC8B522148FA313306335CD036452E9F3713B0FA4DBFB5FD6F3C5315CA
                                                    SHA-512:EF327A25CA821D54750901C535A5664DEB4A1BDF13E5C9AA813DB4E9E716B8302D7D0DD9207020891420F5A1BC3C40CB294F2B7161F825EF51818CA31531909B
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):775168
                                                    Entropy (8bit):5.558196038010598
                                                    Encrypted:false
                                                    SSDEEP:12288:8Xs81Gw7wuKkAtT/+z/IdsiJiFi5kYrFe9Xb:8XsgGw7wOAtLeANiFi5PFe9Xb
                                                    MD5:A82C04879A533ECB938C96EA449C653C
                                                    SHA1:5F632834473AFFD18BE9C3E9F42C201D7BEDFC73
                                                    SHA-256:5895C2C9A596ACF9778F411B5ABA42EC32CB0A39DBC21439BC8CC2ABE947786E
                                                    SHA-512:F6A5AED8230B10364BDA27ED49E3FDA72E917C81B7BABC53BCE7A914B2D0D79135CC8B4F11ADC746F5EB0DAB02F7A4965EE41097382B7C32E97D2C1B58465358
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                    Category:dropped
                                                    Size (bytes):52736
                                                    Entropy (8bit):5.840253326728635
                                                    Encrypted:false
                                                    SSDEEP:768:fE20UsQSmxsJ/jPxsiFFnoCImovqcyz88rtYNChvThLaim3Yu/g/D8:cis0sP5FBQ7vU9BYshtaim3Yuo78
                                                    MD5:9DC829C2C8962347BC9ADF891C51AC05
                                                    SHA1:BF9251A7165BB2981E613AC5D9051F19EDB68463
                                                    SHA-256:FFE2D56375BB4E8BDEE9037DF6BEFC5016DDD8871D0D85027314DD5792F8FDC9
                                                    SHA-512:FD7E6F50A21CB59075DFA08C5E6275FD20723B01A23C3E24FB369F2D95A379B5AC6AE9F509AA42861D9C5114BE47CCE9FF886F0A03758BFDC3A2A9C4D75FAB56
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):627992
                                                    Entropy (8bit):6.360523442335369
                                                    Encrypted:false
                                                    SSDEEP:12288:dO93oUW7jh6DN0RUhsduQjqDZ6X/t5mTOKGmJ7DseBiltBMQEKZm+jWodEEVoFt:s3oUW7jh6DN0RUhsduQjqDZ6X/t5mTOo
                                                    MD5:C1B066F9E3E2F3A6785161A8C7E0346A
                                                    SHA1:8B3B943E79C40BC81FDAC1E038A276D034BBE812
                                                    SHA-256:99E3E25CDA404283FBD96B25B7683A8D213E7954674ADEFA2279123A8D0701FD
                                                    SHA-512:36F9E6C86AFBD80375295238B67E4F472EB86FCB84A590D8DBA928D4E7A502D4F903971827FDC331353E5B3D06616664450759432FDC8D304A56E7DACB84B728
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                     • Filename: hD2xb7Hp3n.exe, Detection: malicious
                                                     • Filename: cryptonite.exe, Detection: malicious
                                                     • Filename: cryptonite.exe, Detection: malicious
                                                     • Filename: RocketTE(DesktopEdition).zip, Detection: malicious
                                                     • Filename: , Detection: malicious
                                                     • Filename: Firefox Setup 102.9.0esr.msi, Detection: malicious
                                                     • Filename: wzdu53.exe, Detection: malicious
                                                     • Filename: lpB7cgX2b9.exe, Detection: malicious
                                                     • Filename: zdXmxM5X4Q.exe, Detection: malicious
                                                     • Filename: WindowsUpdate.exe, Detection: malicious
                                                     • Filename: wzdu46.exe, Detection: malicious
                                                     • Filename: wzdu46.exe, Detection: malicious
                                                     • Filename: wzdu53.exe, Detection: malicious
                                                     • Filename: it.exe, Detection: malicious
                                                     • Filename: wzdu53.exe, Detection: malicious
                                                     • Filename: DriverReviverSetup_ppc4.exe, Detection: malicious
                                                     • Filename: qXTX5WRiF3.exe, Detection: malicious
                                                     • Filename: bkT0lwLPIe.exe, Detection: malicious
                                                     • Filename: 04A31AE8A31BB4144D7392040442F4A38E8301CC55012.exe, Detection: malicious
                                                     • Filename: wzdu53.exe, Detection: malicious
                                                    Reputation:moderate, very likely benign file
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):29696
                                                    Entropy (8bit):5.651844736428367
                                                    Encrypted:false
                                                    SSDEEP:384:NmqXhxYdNvKhEHjwhmxGFnW+QprFryDv2TozahSW/iRqnFSpcTsw1l9pZy6+IBJN:BXc72mxGwkDejsknwS3l9pZy6+wqI
                                                    MD5:D80B154CE0EFB7E13F5B9A2B4385E77C
                                                    SHA1:D64F6B9FA0B7954FD84D07A3DD301AA21D71FF8D
                                                    SHA-256:FFC0E4CA927F3F9447423C162A33DEA3E1E99DFA5609DBFEC59A481895DA1BF8
                                                    SHA-512:88E7C1EC7D3EF505DACB4D3AAC678242B0CE0F9499AB069AA11973AF4B63BDA12A4634687DFCB59672EC052CCC7F46B399A19552CBC9538DB66C868E9FB4B821
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:MSVC program database ver 7.00, 4096*155 bytes
                                                    Category:dropped
                                                    Size (bytes):634880
                                                    Entropy (8bit):4.108577687440266
                                                    Encrypted:false
                                                    SSDEEP:6144:CIN0hJfgIbzhivH2lNaulS79pXf22a/DRM7NQgDLm7HA/lyu8nLNiebECBomTeCM:CyHlKVbL
                                                    MD5:39674ABF09D2050D86B3F5F74D9E1C28
                                                    SHA1:BFD76D3336544CD912A9A60756155E2B1D03706F
                                                    SHA-256:F1084CE9E3633AE452E0AD3EEC6EA402A6CB829D54EE3DBD8F1EA52CBDD58A84
                                                    SHA-512:67329F980B948D1D27B256B446C07B94264F1DEACBA0C780D1FA3183790567C7E7C5D908C309C00AA6703F7CA92C59D885389E80CBB8CD275E6DDE7F848C731B
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):29696
                                                    Entropy (8bit):5.650527330384241
                                                    Encrypted:false
                                                    SSDEEP:384:cmqXhxYdNvKhEHjwhmxGFnW+QprFryDv2TozahSW/iRqnFEKYpcTswknuK0pZh6/:sXc72mxGwkDejsknq/Sinu1pZh6+QqI
                                                    MD5:A1DF9AFFC84809F9C30E9C7DE3981B27
                                                    SHA1:84D1E2A97B6AE2D30008E5785891DF07D86F3BBE
                                                    SHA-256:08D19C8607E72361A95BFB5EF01A867CB6CBAFB366BF74C09CCB88BE25DA7AB9
                                                    SHA-512:9F2804D10331B0C4320BE3E6058062798379F6BB18F529E682A78678CB2C8468BD3DC7536B7B10FB1CEAF8812B26888B2A418AF6698C0E8F0D613F06A7BFD0D7
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:MSVC program database ver 7.00, 4096*155 bytes
                                                    Category:dropped
                                                    Size (bytes):634880
                                                    Entropy (8bit):4.109396507855818
                                                    Encrypted:false
                                                    SSDEEP:6144:CE6r0aJYm6kMwSGVIbzh2jH2l/aulS79pXf22a/DRM75XH1hPFjQA/lyu8nLNiey:gwm6kMwSp4LlKVbF
                                                    MD5:69B439D57D6F0DFCEE7A42226EDBED2C
                                                    SHA1:E9786F9DDE123C44AAC06444DE48760DCAACBED8
                                                    SHA-256:FCFFEC49679A7A0E4C449FE85A26BBAC10A51509F19225817FB11F73E0230FDE
                                                    SHA-512:C1749AC0748913A3A5FD5542471C07BE7530D27B1049899594D27FD222739B12F9C4962483B9A67ED18BDD9AB170BE1E779ED45D7A76C6B2974AB92B74E72744
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):35328
                                                    Entropy (8bit):5.723176633060502
                                                    Encrypted:false
                                                    SSDEEP:384:2LKwnjRJXQ2ii7oTbulYzcaY8I1N/wBbfKYI2z+Rd2ZEwiFGEY9y0mdRd6Lb4:QfjnQaccaYt/lTKZEj8EYc0mdRGE
                                                    MD5:2C11DDDEDB494BC3A4AE5F880287C43E
                                                    SHA1:C387CA9F4BF651FB463F6947EBD519899934CFBA
                                                    SHA-256:C0359FCD900C5C84B6DAEF9DBA950344AD692E5848540CE73D6AC0650324236B
                                                    SHA-512:59F7FEB148AC6F5EE9C67C33B0057C503718BD5F1389F5DF497B7145EA4ACDE8801AF9D414598654288CE3332A3485E6FD2F289836D7AF8D5578DBE70D785D0A
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):572416
                                                    Entropy (8bit):6.436798103949317
                                                    Encrypted:false
                                                    SSDEEP:12288:WGFTgbyi1qgVngSxbQcU0cjx4L6yUGDJ9UDE3:BTgbyi19ngSxbsx4L6LGDJ9UDE3
                                                    MD5:D35F1E78C317307086F630A66CE26BE5
                                                    SHA1:5C6E3CA233520945A0FB4BD034D80167C1DB036C
                                                    SHA-256:B6E1F4A4E4A5D19E7A39745A1C4B4844F3E2DD9DF48B044D79049430B332C1F9
                                                    SHA-512:63AE65871C4F8143D5559F303A36D6688B6F2F9AF16DA05D6084678BC2EE3BB995754288CE54101CF76BF8013FD207BD3A2954BF92BF7DAA62954FB9975F9E7E
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:MSVC program database ver 7.00, 4096*465 bytes
                                                    Category:dropped
                                                    Size (bytes):1904640
                                                    Entropy (8bit):4.694010624738361
                                                    Encrypted:false
                                                    SSDEEP:24576:47bEdU/iLqw9+DHUcr9vk9rRuAy88hcI:RqnHUcr9vk9rRuAy8qcI
                                                    MD5:FEDEDD1607892AC8E3F84AFEB6C4052C
                                                    SHA1:5053F0B4AA54A0921592FAB40A702E38814E1F47
                                                    SHA-256:0BCD33E8637BE0FD7B3213E91E5BBF940E783DAA9932ACB2EF7A65338CCDC626
                                                    SHA-512:F46C9859AA52CF9FF9EB7282B6FE2E6F99B21E6E1BE5236151103B7135B1B20FB4A184D324E1679093D9B23698C4CE567F70863DB610CCC838E81DC5855B8950
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):586752
                                                    Entropy (8bit):6.438846793603524
                                                    Encrypted:false
                                                    SSDEEP:12288:2TGiQw19GHIFNSxoLWJQJmIFxa3T8h18ZAwx8XAs:2TGiQw19GHaN8oLWYggn8Z1x8XJ
                                                    MD5:0EE886B1E6096B5D1A4FD10A3074A6EB
                                                    SHA1:F3EE6061F1D60B62F4F9B08092851365A082998D
                                                    SHA-256:9F12E0014FD55793FCB37431B1A6C51AABE26A900090BDDD630AA0824786A794
                                                    SHA-512:5FF480F2F2FD1A4F76B21D8A165F0B738AD6AD49E6E8A0492810B676A3FA5B07E571F9F514A3F64FC941E57676B824B7F12A4B6DFE14F4A4D63A6326D51D7BB9
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:MSVC program database ver 7.00, 4096*475 bytes
                                                    Category:dropped
                                                    Size (bytes):1945600
                                                    Entropy (8bit):4.706583092704654
                                                    Encrypted:false
                                                    SSDEEP:24576:LVWOdb/5T3Sbh7azXUXuF3ZhAqozijWJqOuB:hdNiKXUXuF3ZhAqozijiS
                                                    MD5:720F2D7F096A9D7549C73E726FE14947
                                                    SHA1:34E2258A9968CB47CA5FC224C4AF45B81FEE6004
                                                    SHA-256:9D2835210176E44C1EB647865A51FA99140094DAD4771A98F6E1E7DD4D573184
                                                    SHA-512:95946CB90347C43FE09CEDBD2075CD2111C6F11A194C39D4E91E3E729F1B19277CB6C353C23159AE458105361D75458DB61578267C7BD08E591F89416B614D42
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):85784
                                                    Entropy (8bit):6.594110245111798
                                                    Encrypted:false
                                                    SSDEEP:1536:U3qPWvVCMgfw2eeWqjOebgk0jIpePxd76LGYU8j6ecbolG8EB4h88ii0:U66dsFeeBGPj1L6LGY+ecboC/8ip
                                                    MD5:1453290DB80241683288F33E6DD5E80E
                                                    SHA1:29FB9AF50458DF43EF40BFC8F0F516D0C0A106FD
                                                    SHA-256:2B7602CC1521101D116995E3E2DDFE0943349806378A0D40ADD81BA64E359B6C
                                                    SHA-512:4EA48A11E29EA7AC3957DCAB1A7912F83FD1C922C43D7B7D78523178FE236B4418729455B78AC672BB5632ECD5400746179802C6A9690ADB025270B0ADE84E91
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: psqlODBC_x64, Author: PostgreSQL Global Development Group, Keywords: PostgreSQL, ODBC, Comments: PostgreSQL ODBC Driver, Template: x64;1033, Revision Number: {78AE5022-A9EB-48D5-B652-DDFC32960BCA}, Create Time/Date: Sat Sep 16 09:16:58 2023, Last Saved Time/Date: Sat Sep 16 09:16:58 2023, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                    Category:dropped
                                                    Size (bytes):5967872
                                                    Entropy (8bit):7.905046800288805
                                                    Encrypted:false
                                                    SSDEEP:98304:NXThs3HmF89uUY+XJvJvOA0xtETuFDzefmIF+hRlzyubP8qugOf9DJQKi5X2Cshm:Jr/UY+XJxJ0rEqufmIEhHzRbUqXOzQ/w
                                                    MD5:771A6AD5CBC88FEACEBF160983311541
                                                    SHA1:6F417C9D2ABFD905461FDACEA0ED48C9DD9B5E7D
                                                    SHA-256:A56B6A093FE39CA024E5C819535F608823C568537E24E945711E8C96380CF177
                                                    SHA-512:03AF48B5428FCD0B2BC547EC436FDC1067048E7F471169BAD3A8B530D2F9931DB4455F6DFD0F1FD9E3607241D3E811D037F654F4E3105B5DE173395D1F2224D5
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: psqlODBC_x64, Author: PostgreSQL Global Development Group, Keywords: PostgreSQL, ODBC, Comments: PostgreSQL ODBC Driver, Template: x64;1033, Revision Number: {78AE5022-A9EB-48D5-B652-DDFC32960BCA}, Create Time/Date: Sat Sep 16 09:16:58 2023, Last Saved Time/Date: Sat Sep 16 09:16:58 2023, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                    Category:dropped
                                                    Size (bytes):5967872
                                                    Entropy (8bit):7.905046800288805
                                                    Encrypted:false
                                                    SSDEEP:98304:NXThs3HmF89uUY+XJvJvOA0xtETuFDzefmIF+hRlzyubP8qugOf9DJQKi5X2Cshm:Jr/UY+XJxJ0rEqufmIEhHzRbUqXOzQ/w
                                                    MD5:771A6AD5CBC88FEACEBF160983311541
                                                    SHA1:6F417C9D2ABFD905461FDACEA0ED48C9DD9B5E7D
                                                    SHA-256:A56B6A093FE39CA024E5C819535F608823C568537E24E945711E8C96380CF177
                                                    SHA-512:03AF48B5428FCD0B2BC547EC436FDC1067048E7F471169BAD3A8B530D2F9931DB4455F6DFD0F1FD9E3607241D3E811D037F654F4E3105B5DE173395D1F2224D5
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):6030
                                                    Entropy (8bit):5.696248801519158
                                                    Encrypted:false
                                                    SSDEEP:96:ULuQ2grbZJVBNKkf+sT2Ae1PTC+QCYEPfdUs:guQ2gX4XAeh3aW1P
                                                    MD5:2EA424582BDB70450B402AA22352B9B6
                                                    SHA1:F14890B772A6E50C916BDB8419F0B855DFDC5A2F
                                                    SHA-256:F2F7E2A50495A50B40E6D99355E46DE35C03DAE5083D4BC24D2F541332AD7ABA
                                                    SHA-512:A27AFB66E0A679552D8267143980D76F262D55B0A34E35939E34C6C076B8CA9436D471FBEC73BF56A0DF10F1CE9DDB37ACF7271F82EC0062ADD8C70F10AF8F93
                                                    Malicious:false
                                                    Preview:...@IXOS.@.....@{.uW.@.....@.....@.....@.....@.....@......&.{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}..psqlODBC_x64..psqlodbc_x64.msi.@.....@.....@.....@........&.{78AE5022-A9EB-48D5-B652-DDFC32960BCA}.....@.....@.....@.....@.......@.....@.....@.......@......psqlODBC_x64......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{0C745A85-4E55-4BAB-BBF1-DCF51D92FCC5}&.{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}..&.{0C745A85-4E55-4BAB-BBF1-DCF51D92FCC5}...@.....@......&.{E6410EE8-96DC-4D84-8D07-94F8093BF3EF}&.{128C70F8-E74C-49E7-B3F1-0B8CAC1AF4C5}..&.{E6410EE8-96DC-4D84-8D07-94F8093BF3EF}...@.....@.......@.....@.....@.]....&.{4D361F28-8F75-4C86-9A37-6C279967413D}!.22:\Software\psqlODBC_x64\Version.@.......@.....@.....@......&.{5C9A19B5-D7C6-4BB4-BBBC-88C2A67A59B0},.C:\Program Files\psqlODBC\1600\bin\libpq.dll.@.......@.....@.....@......&.{121A6C41-2B8F-463D-BA84-6BF367
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):1.1654171976683254
                                                    Encrypted:false
                                                    SSDEEP:12:JSbX72FjH/iAGiLIlHVRpLh/7777777777777777777777777vDHFvC+GT2u0l0G:Jp6QI5PlC+idF
                                                    MD5:9FF3CC7FC135EEE3FC44935ED97CFA35
                                                    SHA1:3FC0D79161DBD6B6BA990CB8D762188CCAFC437A
                                                    SHA-256:3194A8FA427C3BBC2B14E5B281F43C4A3078998F25A3FB82EDB9D7A9FBAFB3F4
                                                    SHA-512:FF62EB6DF707FCB5926D3CE9EF56030905CBB9EBFE29AA3455F3E0329561591B4ADD6477DD8914F42FF646F17372F7BE246BDCB6FE7E0902D367A3EFD4D84A82
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):1.6485375284415715
                                                    Encrypted:false
                                                    SSDEEP:48:Lg8Ph0uRc06WXJSFT5s2dWdxedRdESTDdforndWdxedRdESsDdZH:bh01JFTCPsn
                                                    MD5:3F99BD825911D91CF5606E58146DB5F1
                                                    SHA1:FA360CAF48EB44457CF14FE80ACC7099B94873A7
                                                    SHA-256:DB9468B2C5BF3DAD260D2E2FF9201CBE340C6022A496050D7305C1FB756F0D41
                                                    SHA-512:9E28B354D7AB3FEE45A908B45E3FF32C07C3AB1EF6C9DEA115EF1C3A405E01F1DA43649A5152C6C33C15CE063AB0BFD065930CD993DF0B420AF50B3BF6EAD520
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):364484
                                                    Entropy (8bit):5.365486162120588
                                                    Encrypted:false
                                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaue:zTtbmkExhMJCIpEF
                                                    MD5:B7E8D7B3712FE703075CD52986023A58
                                                    SHA1:94EA6B5C7FA1B8475E39E8FCD928F20132F0C12A
                                                    SHA-256:A3F9CE80D77DCE8512D514EE9EA078BAFAE3E58CB809A2CFD895D47B46D8268F
                                                    SHA-512:615095A9AB7BA832C57545D64EB61E16B44EECD0EA5E9DA8332A37A4D58EE6FEA6D10AA280B319202EB8D7F004688B0984F2E9EC9463929CB67713A9DFDA5F0C
                                                    Malicious:false
                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Generic INItialization configuration [ODBC 32 bit Drivers]
                                                    Category:dropped
                                                    Size (bytes):815
                                                    Entropy (8bit):5.350701315089621
                                                    Encrypted:false
                                                    SSDEEP:12:QUvFpX3sgRUvFE+z+FE+csk+5VELhz+FpX4Ds40QcsJX3sgQ5VpX4Ds40n:AdWlVC2cq7V1/
                                                    MD5:DBAE38115F24B213E414CA0C9C8E5F55
                                                    SHA1:C64E8C21913A9A94D18D936B8AF5929A8C45EE7E
                                                    SHA-256:B0445E00560C3CC74D3D571DF9C704AFD9D4BFF952FEFEBC6D9273CD9A2DF019
                                                    SHA-512:75C2840E2FAA9557A8631A642183F3634EF6091728E773E933FA60BCC8CCFCDBB32728D42445C1E0391E2F516466F2A9B856C83AD3A2994DF896181720D742F5
                                                    Malicious:false
                                                    Preview:[PostgreSQL ANSI(x64) (32 bit)]..Driver=C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.dll..Setup=C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.dll..32Bit=1..[ODBC 32 bit Drivers]..PostgreSQL ANSI(x64) (32 bit)=Installed..PostgreSQL Unicode(x64) (32 bit)=Installed..PostgreSQL ANSI (32 bit)=Installed..PostgreSQL Unicode (32 bit)=Installed..[PostgreSQL Unicode(x64) (32 bit)]..Driver=C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.dll..Setup=C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.dll..32Bit=1..[PostgreSQL ANSI (32 bit)]..Driver=C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.dll..Setup=C:\Program Files\psqlODBC\1600\bin\psqlodbc30a.dll..32Bit=1..[PostgreSQL Unicode (32 bit)]..Driver=C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.dll..Setup=C:\Program Files\psqlODBC\1600\bin\psqlodbc35w.dll..32Bit=1..
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):69632
                                                    Entropy (8bit):0.17619268009289762
                                                    Encrypted:false
                                                    SSDEEP:48:tLmdWdxedRdESsDdIdWdxedRdESTDdfor2:trfW
                                                    MD5:83F9ED8A342D1099071564C9F58BAF6B
                                                    SHA1:0E367CFE6347A4A5238DEFB27ACBDB4C1FB63BE3
                                                    SHA-256:50864DAD4DAB5697AD8BF7714AC6409F92EA46AFB90E5E593DEE29AD2FAB7088
                                                    SHA-512:42848F52748BE955D6494B13FD20F6D4A4496EF3159D3E45F9531B52520A54335317FE9FCE1461A60F59AAD86C85C4AC13FA604ED36E90BB722CEA3ECD9DEB16
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):1.6485375284415715
                                                    Encrypted:false
                                                    SSDEEP:48:Lg8Ph0uRc06WXJSFT5s2dWdxedRdESTDdforndWdxedRdESsDdZH:bh01JFTCPsn
                                                    MD5:3F99BD825911D91CF5606E58146DB5F1
                                                    SHA1:FA360CAF48EB44457CF14FE80ACC7099B94873A7
                                                    SHA-256:DB9468B2C5BF3DAD260D2E2FF9201CBE340C6022A496050D7305C1FB756F0D41
                                                    SHA-512:9E28B354D7AB3FEE45A908B45E3FF32C07C3AB1EF6C9DEA115EF1C3A405E01F1DA43649A5152C6C33C15CE063AB0BFD065930CD993DF0B420AF50B3BF6EAD520
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):1.6485375284415715
                                                    Encrypted:false
                                                    SSDEEP:48:Lg8Ph0uRc06WXJSFT5s2dWdxedRdESTDdforndWdxedRdESsDdZH:bh01JFTCPsn
                                                    MD5:3F99BD825911D91CF5606E58146DB5F1
                                                    SHA1:FA360CAF48EB44457CF14FE80ACC7099B94873A7
                                                    SHA-256:DB9468B2C5BF3DAD260D2E2FF9201CBE340C6022A496050D7305C1FB756F0D41
                                                    SHA-512:9E28B354D7AB3FEE45A908B45E3FF32C07C3AB1EF6C9DEA115EF1C3A405E01F1DA43649A5152C6C33C15CE063AB0BFD065930CD993DF0B420AF50B3BF6EAD520
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):1.3140013168071714
                                                    Encrypted:false
                                                    SSDEEP:48:Sy2G8u+PveFXJjT5hVg2dWdxedRdESTDdforndWdxedRdESsDdZH:b8O7TPVgPsn
                                                    MD5:79C43BA43B0996C96AB30CA3B87AAF69
                                                    SHA1:96FFA63AD578C80732B86370C640A01F6A968287
                                                    SHA-256:505D0B735DAFAF6E2D7172C7A2B1692BE174095D46E86859AE378387B19ECC2E
                                                    SHA-512:87744C014EDC141BC3C97CAA5560546201E4661C179D44FD89411063452E426004280B92A340D14A4C02829FC836D7A262CD5EB8D8E1CB50A67F7480ACB83A3E
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):1.3140013168071714
                                                    Encrypted:false
                                                    SSDEEP:48:Sy2G8u+PveFXJjT5hVg2dWdxedRdESTDdforndWdxedRdESsDdZH:b8O7TPVgPsn
                                                    MD5:79C43BA43B0996C96AB30CA3B87AAF69
                                                    SHA1:96FFA63AD578C80732B86370C640A01F6A968287
                                                    SHA-256:505D0B735DAFAF6E2D7172C7A2B1692BE174095D46E86859AE378387B19ECC2E
                                                    SHA-512:87744C014EDC141BC3C97CAA5560546201E4661C179D44FD89411063452E426004280B92A340D14A4C02829FC836D7A262CD5EB8D8E1CB50A67F7480ACB83A3E
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):1.3140013168071714
                                                    Encrypted:false
                                                    SSDEEP:48:Sy2G8u+PveFXJjT5hVg2dWdxedRdESTDdforndWdxedRdESsDdZH:b8O7TPVgPsn
                                                    MD5:79C43BA43B0996C96AB30CA3B87AAF69
                                                    SHA1:96FFA63AD578C80732B86370C640A01F6A968287
                                                    SHA-256:505D0B735DAFAF6E2D7172C7A2B1692BE174095D46E86859AE378387B19ECC2E
                                                    SHA-512:87744C014EDC141BC3C97CAA5560546201E4661C179D44FD89411063452E426004280B92A340D14A4C02829FC836D7A262CD5EB8D8E1CB50A67F7480ACB83A3E
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):0.0726430224052237
                                                    Encrypted:false
                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOYOC+/uT2REIVky6l0:2F0i8n0itFzDHFvC+GT2u0
                                                    MD5:FC561E1B00B9E69735A7EC5A0463DAD4
                                                    SHA1:75503087940A23E447283DFEBDC065CCDF69B58D
                                                    SHA-256:5F5E8893F2DDF35CAE42A97E603659B46DE919AF0551E7236A5E689B643C7BB0
                                                    SHA-512:E42B50C32431793B554E08BD47A92B465EBAB7C303F4B62569AC388E723C864ADC4E952AB1E2C3CE88E72570019D39F666B28153349CCE974757BD433044430D
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                    Malicious:false
                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: psqlODBC_x64, Author: PostgreSQL Global Development Group, Keywords: PostgreSQL, ODBC, Comments: PostgreSQL ODBC Driver, Template: x64;1033, Revision Number: {78AE5022-A9EB-48D5-B652-DDFC32960BCA}, Create Time/Date: Sat Sep 16 09:16:58 2023, Last Saved Time/Date: Sat Sep 16 09:16:58 2023, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                    Entropy (8bit):7.905046800288805
                                                    TrID:
                                                    • Microsoft Windows Installer (60509/1) 88.31%
                                                    • Generic OLE2 / Multistream Compound File (8008/1) 11.69%
                                                    File name:psqlodbc_x64.msi
                                                    File size:5'967'872 bytes
                                                    MD5:771a6ad5cbc88feacebf160983311541
                                                    SHA1:6f417c9d2abfd905461fdacea0ed48c9dd9b5e7d
                                                    SHA256:a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf177
                                                    SHA512:03af48b5428fcd0b2bc547ec436fdc1067048e7f471169bad3a8b530d2f9931db4455f6dfd0f1fd9e3607241d3e811d037f654f4e3105b5de173395d1f2224d5
                                                    SSDEEP:98304:NXThs3HmF89uUY+XJvJvOA0xtETuFDzefmIF+hRlzyubP8qugOf9DJQKi5X2Cshm:Jr/UY+XJxJ0rEqufmIEhHzRbUqXOzQ/w
                                                    TLSH:4556232C54C48962F4F6FD3E8E56E7980A7B9CE0E963DE96F250335C1A797E01630683
                                                    Icon Hash:2d2e3797b32b2b99
                                                    No network behavior found

                                                    Target ID:0
                                                    Start time:20:11:36
                                                    Start date:21/11/2023
                                                    Path:C:\Windows\System32\msiexec.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\psqlodbc_x64.msi"
                                                    Imagebase:0x7ff675d50000
                                                    File size:69'632 bytes
                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:1
                                                    Start time:20:11:36
                                                    Start date:21/11/2023
                                                    Path:C:\Windows\System32\msiexec.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                    Imagebase:0x7ff675d50000
                                                    File size:69'632 bytes
                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:false

                                                    Target ID:3
                                                    Start time:20:11:53
                                                    Start date:21/11/2023
                                                    Path:C:\Windows\System32\msiexec.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\System32\MsiExec.exe -Embedding DA45A90C43714F84B3F246CC87EA289F
                                                    Imagebase:0x7ff675d50000
                                                    File size:69'632 bytes
                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    No disassembly